Cert advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests
agree at carltonfields.com
agree at carltonfields.com
Wed Feb 2 20:56:33 UTC 2000
A web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources. This can be a problem when a web server does not adequately ensure that generated pages are properly encoded to prevent unintended execution of scripts, and when input is not validated to prevent malicious HTML from being presented to the user.
Advisory may be found at: http://www.cert.org/advisories/CA-2000-02.html
Should we react to this with respect to the Squeak Swiki regarding <SCRIPT> tags?
More information about the Squeak-dev
mailing list
|